That's non-trivial to pull off without massive noise being generated by users. Even if you're able to somehow able to backdoor all domestic computers to install the government's root certificate, there's going to be a steady stream of complaints from foreigners coming in with their non-backdoored devices.
That means that either the government has a browser trusted root CA (which means they could spy on anyone in the world if they can MITM them), or they somehow force everyone in the country to install their trusted CAs.